roundcubemail: possible CSRF attacks (CVE-2014-9587)
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
References:
http://seclists.org/oss-sec/2015/q1/113
CONFIRM:
https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9587
(from redmine: issue id 3832, created on 2015-01-29, closed on 2015-03-18)
- Relations:
- child #3833 (closed)
- child #3834 (closed)